3230 matches found
CVE-2025-9717
A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...
CVE-2025-9608
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-9582
A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...
PT-2025-35405
Name of the Vulnerable Software and Affected Versions: Campcodes Farm Management System version 1.0 Description: A security flaw has been discovered in Campcodes Farm Management System 1.0. The vulnerability affects an unknown functionality within the /review.php file. Manipulation of the pid...
Cudy LT500E 安全漏洞
The Cudy LT500E is a wireless router from the Chinese company Cudy. A security vulnerability exists in the Cudy LT500E version 2.3.12 and earlier, which stems from the firmware's use of hard-coded passwords in the /squashfs-root/etc/shadow file...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias in the file...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA 10.0-410 and earlier versions, which stems from cross-site scripting due to incorrect manipulation of the parameter name/alias/description/applicationName in the file...
i-Educar 安全漏洞
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter nmtipo in the file /intranet/educartipoensinocad.php...
PT-2025-35403
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue impacts an unknown function within the /intranet/educar nivel ensino cad.php file. Manipulation of the nm...
Grocery List Management Web App 安全漏洞
Grocery List Management Web App is a grocery list management system by the individual developer Ritesh Dhurve. A security vulnerability exists in Grocery List Management Web App that stems from a SQL injection attack due to incorrect manipulation of the parameter ID in the file /src/update.php...
CVE-2025-9418
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...
CVE-2025-9492
A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may b...
CVE-2025-9419
A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...
CVE-2025-9681
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CVE-2025-54945
CVE-2025-54945 affects SUNNET Corporate Training Management System prior to 10.11. The vulnerability is an external control of file name or path that enables remote attackers to execute arbitrary system commands by steering the destination file path. No explicit exploitation details are provided ...
CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
SUNNET Corporate Training Management System 安全漏洞
SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which originates from an external control over file names or paths and could lead to the...
PT-2025-35339
Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A file name or path vulnerability exists in SUNNET Corporate Training Management System that allows remote attackers to execute arbitrary system commands via a...